- djm@cvs.openbsd.org 2006/03/30 10:41:25

     [ssh.c ssh_config.5]
     add percent escape chars to the IdentityFile option, bz #1159 based
     on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@

diff --git a/ChangeLog b/ChangeLog
index b82cb1f58ee6751b850df583b017e4131bdc166d..27bcbbc31e49310a526b659bfb7f839e83bcfbbf 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,10 @@
      silencing a heap of lint warnings. also allows them to use
      __bounded__ checking which can't be applied to macros; requested
      by and feedback from deraadt@
+   - djm@cvs.openbsd.org 2006/03/30 10:41:25
+     [ssh.c ssh_config.5]
+     add percent escape chars to the IdentityFile option, bz #1159 based
+     on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
 
 20060326
  - OpenBSD CVS Sync

diff --git a/ssh.c b/ssh.c
index 7e0a8ba4bb7ca345b9ed44e3425c04bd683ec4b2..5eddd41d5d4ad2d178d41e1f6e51365cc847b53a 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.274 2006/03/28 00:12:31 deraadt Exp $ */
+/* $OpenBSD: ssh.c,v 1.275 2006/03/30 10:41:25 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -647,15 +647,15 @@ main(int ac, char **av)
                options.control_path = NULL;
 
        if (options.control_path != NULL) {
-               char me[NI_MAXHOST];
+               char thishost[NI_MAXHOST];
 
-               if (gethostname(me, sizeof(me)) == -1)
+               if (gethostname(thishost, sizeof(thishost)) == -1)
                        fatal("gethostname: %s", strerror(errno));
                snprintf(buf, sizeof(buf), "%d", options.port);
                cp = tilde_expand_filename(options.control_path,
                    original_real_uid);
                options.control_path = percent_expand(cp, "p", buf, "h", host,
-                   "r", options.user, "l", me, (char *)NULL);
+                   "r", options.user, "l", thishost, (char *)NULL);
                xfree(cp);
        }
        if (mux_command != 0 && options.control_path == NULL)
@@ -1194,9 +1194,10 @@ ssh_session2(void)
 static void
 load_public_identity_files(void)
 {
-       char *filename;
+       char *filename, *cp, thishost[NI_MAXHOST];
        int i = 0;
        Key *public;
+       struct passwd *pw;
 #ifdef SMARTCARD
        Key **keys;
 
@@ -1220,9 +1221,18 @@ load_public_identity_files(void)
                xfree(keys);
        }
 #endif /* SMARTCARD */
+       if ((pw = getpwuid(original_real_uid)) == NULL)
+               fatal("load_public_identity_files: getpwuid failed");
+       if (gethostname(thishost, sizeof(thishost)) == -1)
+               fatal("load_public_identity_files: gethostname: %s",
+                   strerror(errno));
        for (; i < options.num_identity_files; i++) {
-               filename = tilde_expand_filename(options.identity_files[i],
+               cp = tilde_expand_filename(options.identity_files[i],
                    original_real_uid);
+               filename = percent_expand(cp, "d", pw->pw_dir,
+                   "u", pw->pw_name, "l", thishost, "h", host, 
+                   "r", options.user, (char *)NULL);
+               xfree(cp);
                public = key_load_public(filename, NULL);
                debug("identity file %s type %d", filename,
                    public ? public->type : -1);

diff --git a/ssh_config.5 b/ssh_config.5
index 5b02ef821d281420e6e22ecbeb8530fcc4826717..9c621336e27aec4bb39498d6ecbcbc910e2c141f 100644 (file)
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.89 2006/03/14 16:32:48 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.90 2006/03/30 10:41:25 djm Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -548,8 +548,21 @@ and
 for protocol version 2.
 Additionally, any identities represented by the authentication agent
 will be used for authentication.
+.Pp
 The file name may use the tilde
-syntax to refer to a user's home directory.
+syntax to refer to a user's home directory or one of the following 
+escape characters:
+.Ql %d
+(local user's home directory),
+.Ql %u
+(local user name),
+.Ql %l
+(local host name),
+.Ql %h
+(remote host name) or
+.Ql %h
+(remote user name).
+.Pp
 It is possible to have
 multiple identity files specified in configuration files; all these
 identities will be tried in sequence.